
rundll32.exe is trying to execute different dll, exe files when PC is idle

Question

On a fresh installation of 32-bit Windows 7 RC (downloaded from the Microsoft TechNet site) I keep getting these Defense+ alerts (Comodo Internet Security) that rundll32.exe is trying to execute one or another dll / exe file ONLY when the PC is idle.

I've run Avira (installed), Kaspersky, F-Secure (both online) and Malwarebytes' Anti-Malware many times, and they've found nothing so far.

Here are some of the file names rundll32.exe tries to execute: Microsoft.stdformat.dll, QtCore4.dll, QtNetwork4.dll, jpeg62.dll, sqlceca30.dll, speedfan.exe (hard drive, temp etc monitoring program), CamMenuPlayer.exe, CamRecorder.exe (TechSmith Camtasia files) and many others I wasn't able to get name of.

The screensaver is set at 40 min and turn display off is at 45 minutes, but these rundll32.exe alerts I get anywhere between around 15/20 min. The alerts also pop up even when I turned off the screensaver & 'turn display off' settings.

My main question/concern is the behavior of rundll32.exe: why does it try to execute any file in the first place, even when no program is running (is this normal?), and more importantly, why only when the PC is idle? (The alert never pops up when I'm using the PC.)

All replies

I have the same issue here. My firewall / antivirus triggers a warning every time the PC is idle, because rundll32 tries to execute lots of files (exe's, dll's among others). I think it's normal behaviour, and Windows is just indexing files (my system is clean from malware; it even happens in a clean installation, not connected to an external network, with a new hard drive). But I would like to have an official word from Microsoft about this.

In fact, if it's the indexer, I would like to say that sometimes the indexer tries to index a file being downloaded by uTorrent, and it makes the download fail. uTorrent gives an error: "Cannot write the file being used by another process". And it, too, happens only with the PC idle.

Yes, I do realize this. But rundll32 trying to execute random exe's and dll's across my drive doesn't exactly remind me of telemetry. There is no point (for Microsoft) to "telemetry" a dozen files inside my system32 folder, if it was Microsoft who put the files there in the first place.

For me, telemetry has much more to do with what is installed, uninstalled, the user opening / closing programs and so on. So far, all I see is just random access of lots of files, AND rundll32 didn't try to connect to the internet after it read the random data. If it was telemetry, I suppose rundll32 would try to "deliver" the data to Microsoft?

I have a brand new Toshiba laptop with Windows 7 64-bit. I also have Comodo installed and am getting these same messages that rundll32 keeps trying to run all sorts of programs. My first thought was definitely virus because all those programs shouldn't be running all the time. So it is not just the RC system but the release that is also doing this. Microsoft, why is it doing this?? How can I make it stop?

Same here, everything from nod32 (I'm fine with that, lol)... but movies? It tries to run update programs that are disabled, video files, audio files... almost anything! And as a matter of fact, I forget the exact wording, but Event Viewer had a warning that "dll's were being loaded for EVERY FILE" in my system! I wouldn't trust "milk you soft" as far as I could throw one of their fat ____ CEOs or stockholders, so it would not surprise me if this were NOT malware or something, but I wish someone would find a way to neuter it!

For those of you experiencing rundll32.exe issues... the rundll32.exe is a list of system processes linked to the Windows registry. What often happens is that due to various reasons the files in the registry linked to the rundll32 become corrupted. So when this occurs the rundll32.exe, because it's part of the system processes, will continue trying to execute the corrupted files over and over.

So the first thing you do is identify the specific rundll32.exe process as Jags FL mentioned.

"Here are some of the file names rundll32.exe tries to execute: Microsoft.stdformat.dll, QtCore4.dll, QtNetwork4.dll, jpeg62.dll, sqlceca30.dll, speedfan.exe (hard drive, temp etc monitoring program), CamMenuPlayer.exe, CamRecorder.exe (TechSmith Camtasia files) and many others I wasn't able to get name of."

Then all you do is stop the processes involved by opening Start > Run and typing services.msc; in services.msc, end the specific processes related to your problem.

If this does not work you will need to delete the corrupted entries in the registry. Here is a walkthrough that will guide you to making Windows registry edits. Another solution could be for you to leverage a Windows registry cleaner that will remove the corrupted entries in the registry. Here are reviews of good Windows registry cleaners.
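To tell which rundll32.exe instance is behind an alert like the ones in this thread, the listing below shows each running instance with its arguments, image path and parent process. It is an added example, not part of any reply above; the function name `Get-Rundll32Instance` is made up for illustration, and it uses `Get-WmiObject` so that it also runs on the PowerShell 2.0 shipped with Windows 7.

```powershell
# Added example (hypothetical function name): enumerate rundll32.exe instances
# with the DLL/arguments they were started with and the process that started them.
function Get-Rundll32Instance {
    # Index every process by PID so parents can be resolved by name.
    $byPid = @{}
    Get-WmiObject -Class Win32_Process |
        ForEach-Object { $byPid[[int]$_.ProcessId] = $_ }

    # Genuine copies live in System32 (or SysWOW64 on 64-bit Windows).
    $expectedDirs = @(
        (Join-Path $env:SystemRoot 'System32'),
        (Join-Path $env:SystemRoot 'SysWOW64')
    )

    foreach ($p in ($byPid.Values | Where-Object { $_.Name -ieq 'rundll32.exe' })) {
        $started    = $p.ConvertToDateTime($p.CreationDate)
        $parent     = $byPid[[int]$p.ParentProcessId]
        $parentName = '<exited>'
        if ($parent) {
            # A "parent" created after the child means the PID was reused.
            if ($parent.ConvertToDateTime($parent.CreationDate) -le $started) {
                $parentName = $parent.Name
            } else {
                $parentName = '<exited, PID reused>'
            }
        }

        # ExecutablePath is empty when the caller lacks rights to query it.
        $inExpectedDir = $false
        if ($p.ExecutablePath) {
            $dir = Split-Path -Parent $p.ExecutablePath
            $inExpectedDir = ($expectedDirs -contains $dir)  # case-insensitive
        }

        New-Object PSObject -Property @{
            ProcessId     = $p.ProcessId
            Started       = $started
            ImagePath     = $p.ExecutablePath
            InExpectedDir = $inExpectedDir
            CommandLine   = $p.CommandLine
            ParentPid     = $p.ParentProcessId
            ParentName    = $parentName
        }
    }
}

Get-Rundll32Instance | Sort-Object Started |
    Format-List ProcessId, Started, ImagePath, InExpectedDir, CommandLine, ParentPid, ParentName
```

Run it from an elevated prompt while an alert is on screen; the `CommandLine` column names the DLL and entry point that instance was asked to load.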
